8069551: Move java.security.acl from compact3 to java.base
Reviewed-by: alanb, mullan, wetmore
--- a/jdk/make/src/classes/build/tools/module/boot.modules Tue Feb 03 14:39:57 2015 -0500
+++ b/jdk/make/src/classes/build/tools/module/boot.modules Tue Feb 03 14:09:20 2015 -0800
@@ -11,7 +11,6 @@
java.prefs
java.rmi
java.scripting
-java.security.acl
java.security.jgss
java.security.sasl
java.smartcardio
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Acl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+import java.util.Enumeration;
+import java.security.Principal;
+
+/**
+ * Interface representing an Access Control List (ACL). An Access
+ * Control List is a data structure used to guard access to
+ * resources.<p>
+ *
+ * An ACL can be thought of as a data structure with multiple ACL
+ * entries. Each ACL entry, of interface type AclEntry, contains a
+ * set of permissions associated with a particular principal. (A
+ * principal represents an entity such as an individual user or a
+ * group). Additionally, each ACL entry is specified as being either
+ * positive or negative. If positive, the permissions are to be
+ * granted to the associated principal. If negative, the permissions
+ * are to be denied.<p>
+ *
+ * The ACL Entries in each ACL observe the following rules:
+ *
+ * <ul> <li>Each principal can have at most one positive ACL entry and
+ * one negative entry; that is, multiple positive or negative ACL
+ * entries are not allowed for any principal. Each entry specifies
+ * the set of permissions that are to be granted (if positive) or
+ * denied (if negative).
+ *
+ * <li>If there is no entry for a particular principal, then the
+ * principal is considered to have a null (empty) permission set.
+ *
+ * <li>If there is a positive entry that grants a principal a
+ * particular permission, and a negative entry that denies the
+ * principal the same permission, the result is as though the
+ * permission was never granted or denied.
+ *
+ * <li>Individual permissions always override permissions of the
+ * group(s) to which the individual belongs. That is, individual
+ * negative permissions (specific denial of permissions) override the
+ * groups' positive permissions. And individual positive permissions
+ * override the groups' negative permissions.
+ *
+ * </ul>
+ *
+ * The {@code java.security.acl } package provides the
+ * interfaces to the ACL and related data structures (ACL entries,
+ * groups, permissions, etc.), and the {@code sun.security.acl }
+ * classes provide a default implementation of the interfaces. For
+ * example, {@code java.security.acl.Acl } provides the
+ * interface to an ACL and the {@code sun.security.acl.AclImpl }
+ * class provides the default implementation of the interface.<p>
+ *
+ * The {@code java.security.acl.Acl } interface extends the
+ * {@code java.security.acl.Owner } interface. The Owner
+ * interface is used to maintain a list of owners for each ACL. Only
+ * owners are allowed to modify an ACL. For example, only an owner can
+ * call the ACL's {@code addEntry} method to add a new ACL entry
+ * to the ACL.
+ *
+ * @see java.security.acl.AclEntry
+ * @see java.security.acl.Owner
+ * @see java.security.acl.Acl#getPermissions
+ *
+ * @author Satish Dharmaraj
+ */
+
+public interface Acl extends Owner {
+
+ /**
+ * Sets the name of this ACL.
+ *
+ * @param caller the principal invoking this method. It must be an
+ * owner of this ACL.
+ *
+ * @param name the name to be given to this ACL.
+ *
+ * @exception NotOwnerException if the caller principal
+ * is not an owner of this ACL.
+ *
+ * @see #getName
+ */
+ public void setName(Principal caller, String name)
+ throws NotOwnerException;
+
+ /**
+ * Returns the name of this ACL.
+ *
+ * @return the name of this ACL.
+ *
+ * @see #setName
+ */
+ public String getName();
+
+ /**
+ * Adds an ACL entry to this ACL. An entry associates a principal
+ * (e.g., an individual or a group) with a set of
+ * permissions. Each principal can have at most one positive ACL
+ * entry (specifying permissions to be granted to the principal)
+ * and one negative ACL entry (specifying permissions to be
+ * denied). If there is already an ACL entry of the same type
+ * (negative or positive) already in the ACL, false is returned.
+ *
+ * @param caller the principal invoking this method. It must be an
+ * owner of this ACL.
+ *
+ * @param entry the ACL entry to be added to this ACL.
+ *
+ * @return true on success, false if an entry of the same type
+ * (positive or negative) for the same principal is already
+ * present in this ACL.
+ *
+ * @exception NotOwnerException if the caller principal
+ * is not an owner of this ACL.
+ */
+ public boolean addEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException;
+
+ /**
+ * Removes an ACL entry from this ACL.
+ *
+ * @param caller the principal invoking this method. It must be an
+ * owner of this ACL.
+ *
+ * @param entry the ACL entry to be removed from this ACL.
+ *
+ * @return true on success, false if the entry is not part of this ACL.
+ *
+ * @exception NotOwnerException if the caller principal is not
+ * an owner of this Acl.
+ */
+ public boolean removeEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException;
+
+ /**
+ * Returns an enumeration for the set of allowed permissions for the
+ * specified principal (representing an entity such as an individual or
+ * a group). This set of allowed permissions is calculated as
+ * follows:
+ *
+ * <ul>
+ *
+ * <li>If there is no entry in this Access Control List for the
+ * specified principal, an empty permission set is returned.
+ *
+ * <li>Otherwise, the principal's group permission sets are determined.
+ * (A principal can belong to one or more groups, where a group is a
+ * group of principals, represented by the Group interface.)
+ * The group positive permission set is the union of all
+ * the positive permissions of each group that the principal belongs to.
+ * The group negative permission set is the union of all
+ * the negative permissions of each group that the principal belongs to.
+ * If there is a specific permission that occurs in both
+ * the positive permission set and the negative permission set,
+ * it is removed from both.<p>
+ *
+ * The individual positive and negative permission sets are also
+ * determined. The positive permission set contains the permissions
+ * specified in the positive ACL entry (if any) for the principal.
+ * Similarly, the negative permission set contains the permissions
+ * specified in the negative ACL entry (if any) for the principal.
+ * The individual positive (or negative) permission set is considered
+ * to be null if there is not a positive (negative) ACL entry for the
+ * principal in this ACL.<p>
+ *
+ * The set of permissions granted to the principal is then calculated
+ * using the simple rule that individual permissions always override
+ * the group permissions. That is, the principal's individual negative
+ * permission set (specific denial of permissions) overrides the group
+ * positive permission set, and the principal's individual positive
+ * permission set overrides the group negative permission set.
+ *
+ * </ul>
+ *
+ * @param user the principal whose permission set is to be returned.
+ *
+ * @return the permission set specifying the permissions the principal
+ * is allowed.
+ */
+ public Enumeration<Permission> getPermissions(Principal user);
+
+ /**
+ * Returns an enumeration of the entries in this ACL. Each element in
+ * the enumeration is of type AclEntry.
+ *
+ * @return an enumeration of the entries in this ACL.
+ */
+ public Enumeration<AclEntry> entries();
+
+ /**
+ * Checks whether or not the specified principal has the specified
+ * permission. If it does, true is returned, otherwise false is returned.
+ *
+ * More specifically, this method checks whether the passed permission
+ * is a member of the allowed permission set of the specified principal.
+ * The allowed permission set is determined by the same algorithm as is
+ * used by the {@code getPermissions} method.
+ *
+ * @param principal the principal, assumed to be a valid authenticated
+ * Principal.
+ *
+ * @param permission the permission to be checked for.
+ *
+ * @return true if the principal has the specified permission, false
+ * otherwise.
+ *
+ * @see #getPermissions
+ */
+ public boolean checkPermission(Principal principal, Permission permission);
+
+ /**
+ * Returns a string representation of the
+ * ACL contents.
+ *
+ * @return a string representation of the ACL contents.
+ */
+ public String toString();
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/AclEntry.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+import java.util.Enumeration;
+import java.security.Principal;
+
+/**
+ * This is the interface used for representing one entry in an Access
+ * Control List (ACL).<p>
+ *
+ * An ACL can be thought of as a data structure with multiple ACL entry
+ * objects. Each ACL entry object contains a set of permissions associated
+ * with a particular principal. (A principal represents an entity such as
+ * an individual user or a group). Additionally, each ACL entry is specified
+ * as being either positive or negative. If positive, the permissions are
+ * to be granted to the associated principal. If negative, the permissions
+ * are to be denied. Each principal can have at most one positive ACL entry
+ * and one negative entry; that is, multiple positive or negative ACL
+ * entries are not allowed for any principal.
+ *
+ * Note: ACL entries are by default positive. An entry becomes a
+ * negative entry only if the
+ * {@link #setNegativePermissions() setNegativePermissions}
+ * method is called on it.
+ *
+ * @see java.security.acl.Acl
+ *
+ * @author Satish Dharmaraj
+ */
+public interface AclEntry extends Cloneable {
+
+ /**
+ * Specifies the principal for which permissions are granted or denied
+ * by this ACL entry. If a principal was already set for this ACL entry,
+ * false is returned, otherwise true is returned.
+ *
+ * @param user the principal to be set for this entry.
+ *
+ * @return true if the principal is set, false if there was
+ * already a principal set for this entry.
+ *
+ * @see #getPrincipal
+ */
+ public boolean setPrincipal(Principal user);
+
+ /**
+ * Returns the principal for which permissions are granted or denied by
+ * this ACL entry. Returns null if there is no principal set for this
+ * entry yet.
+ *
+ * @return the principal associated with this entry.
+ *
+ * @see #setPrincipal
+ */
+ public Principal getPrincipal();
+
+ /**
+ * Sets this ACL entry to be a negative one. That is, the associated
+ * principal (e.g., a user or a group) will be denied the permission set
+ * specified in the entry.
+ *
+ * Note: ACL entries are by default positive. An entry becomes a
+ * negative entry only if this {@code setNegativePermissions}
+ * method is called on it.
+ */
+ public void setNegativePermissions();
+
+ /**
+ * Returns true if this is a negative ACL entry (one denying the
+ * associated principal the set of permissions in the entry), false
+ * otherwise.
+ *
+ * @return true if this is a negative ACL entry, false if it's not.
+ */
+ public boolean isNegative();
+
+ /**
+ * Adds the specified permission to this ACL entry. Note: An entry can
+ * have multiple permissions.
+ *
+ * @param permission the permission to be associated with
+ * the principal in this entry.
+ *
+ * @return true if the permission was added, false if the
+ * permission was already part of this entry's permission set.
+ */
+ public boolean addPermission(Permission permission);
+
+ /**
+ * Removes the specified permission from this ACL entry.
+ *
+ * @param permission the permission to be removed from this entry.
+ *
+ * @return true if the permission is removed, false if the
+ * permission was not part of this entry's permission set.
+ */
+ public boolean removePermission(Permission permission);
+
+ /**
+ * Checks if the specified permission is part of the
+ * permission set in this entry.
+ *
+ * @param permission the permission to be checked for.
+ *
+ * @return true if the permission is part of the
+ * permission set in this entry, false otherwise.
+ */
+ public boolean checkPermission(Permission permission);
+
+ /**
+ * Returns an enumeration of the permissions in this ACL entry.
+ *
+ * @return an enumeration of the permissions in this ACL entry.
+ */
+ public Enumeration<Permission> permissions();
+
+ /**
+ * Returns a string representation of the contents of this ACL entry.
+ *
+ * @return a string representation of the contents.
+ */
+ public String toString();
+
+ /**
+ * Clones this ACL entry.
+ *
+ * @return a clone of this ACL entry.
+ */
+ public Object clone();
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/AclNotFoundException.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+/**
+ * This is an exception that is thrown whenever a reference is made to a
+ * non-existent ACL (Access Control List).
+ *
+ * @author Satish Dharmaraj
+ */
+public class AclNotFoundException extends Exception {
+
+ private static final long serialVersionUID = 5684295034092681791L;
+
+ /**
+ * Constructs an AclNotFoundException.
+ */
+ public AclNotFoundException() {
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Group.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+import java.util.Enumeration;
+import java.security.Principal;
+
+/**
+ * This interface is used to represent a group of principals. (A principal
+ * represents an entity such as an individual user or a company). <p>
+ *
+ * Note that Group extends Principal. Thus, either a Principal or a Group can
+ * be passed as an argument to methods containing a Principal parameter. For
+ * example, you can add either a Principal or a Group to a Group object by
+ * calling the object's {@code addMember} method, passing it the
+ * Principal or Group.
+ *
+ * @author Satish Dharmaraj
+ */
+public interface Group extends Principal {
+
+ /**
+ * Adds the specified member to the group.
+ *
+ * @param user the principal to add to this group.
+ *
+ * @return true if the member was successfully added,
+ * false if the principal was already a member.
+ */
+ public boolean addMember(Principal user);
+
+ /**
+ * Removes the specified member from the group.
+ *
+ * @param user the principal to remove from this group.
+ *
+ * @return true if the principal was removed, or
+ * false if the principal was not a member.
+ */
+ public boolean removeMember(Principal user);
+
+ /**
+ * Returns true if the passed principal is a member of the group.
+ * This method does a recursive search, so if a principal belongs to a
+ * group which is a member of this group, true is returned.
+ *
+ * @param member the principal whose membership is to be checked.
+ *
+ * @return true if the principal is a member of this group,
+ * false otherwise.
+ */
+ public boolean isMember(Principal member);
+
+
+ /**
+ * Returns an enumeration of the members in the group.
+ * The returned objects can be instances of either Principal
+ * or Group (which is a subclass of Principal).
+ *
+ * @return an enumeration of the group members.
+ */
+ public Enumeration<? extends Principal> members();
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/LastOwnerException.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+/**
+ * This is an exception that is thrown whenever an attempt is made to delete
+ * the last owner of an Access Control List.
+ *
+ * @see java.security.acl.Owner#deleteOwner
+ *
+ * @author Satish Dharmaraj
+ */
+public class LastOwnerException extends Exception {
+
+ private static final long serialVersionUID = -5141997548211140359L;
+
+ /**
+ * Constructs a LastOwnerException.
+ */
+ public LastOwnerException() {
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/NotOwnerException.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+/**
+ * This is an exception that is thrown whenever the modification of an object
+ * (such as an Access Control List) is only allowed to be done by an owner of
+ * the object, but the Principal attempting the modification is not an owner.
+ *
+ * @author Satish Dharmaraj
+ */
+public class NotOwnerException extends Exception {
+
+ private static final long serialVersionUID = -5555597911163362399L;
+
+ /**
+ * Constructs a NotOwnerException.
+ */
+ public NotOwnerException() {
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Owner.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+import java.security.Principal;
+
+/**
+ * Interface for managing owners of Access Control Lists (ACLs) or ACL
+ * configurations. (Note that the Acl interface in the
+ * {@code java.security.acl} package extends this Owner
+ * interface.) The initial owner Principal should be specified as an
+ * argument to the constructor of the class implementing this interface.
+ *
+ * @see java.security.acl.Acl
+ *
+ */
+public interface Owner {
+
+ /**
+ * Adds an owner. Only owners can modify ACL contents. The caller
+ * principal must be an owner of the ACL in order to invoke this method.
+ * That is, only an owner can add another owner. The initial owner is
+ * configured at ACL construction time.
+ *
+ * @param caller the principal invoking this method. It must be an owner
+ * of the ACL.
+ *
+ * @param owner the owner that should be added to the list of owners.
+ *
+ * @return true if successful, false if owner is already an owner.
+ * @exception NotOwnerException if the caller principal is not an owner
+ * of the ACL.
+ */
+ public boolean addOwner(Principal caller, Principal owner)
+ throws NotOwnerException;
+
+ /**
+ * Deletes an owner. If this is the last owner in the ACL, an exception is
+ * raised.<p>
+ *
+ * The caller principal must be an owner of the ACL in order to invoke
+ * this method.
+ *
+ * @param caller the principal invoking this method. It must be an owner
+ * of the ACL.
+ *
+ * @param owner the owner to be removed from the list of owners.
+ *
+ * @return true if the owner is removed, false if the owner is not part
+ * of the list of owners.
+ *
+ * @exception NotOwnerException if the caller principal is not an owner
+ * of the ACL.
+ *
+ * @exception LastOwnerException if there is only one owner left, so that
+ * deleteOwner would leave the ACL owner-less.
+ */
+ public boolean deleteOwner(Principal caller, Principal owner)
+ throws NotOwnerException, LastOwnerException;
+
+ /**
+ * Returns true if the given principal is an owner of the ACL.
+ *
+ * @param owner the principal to be checked to determine whether or not
+ * it is an owner.
+ *
+ * @return true if the passed principal is in the list of owners, false
+ * if not.
+ */
+ public boolean isOwner(Principal owner);
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Permission.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security.acl;
+
+
+/**
+ * This interface represents a permission, such as that used to grant
+ * a particular type of access to a resource.
+ *
+ * @author Satish Dharmaraj
+ */
+public interface Permission {
+
+ /**
+ * Returns true if the object passed matches the permission represented
+ * in this interface.
+ *
+ * @param another the Permission object to compare with.
+ *
+ * @return true if the Permission objects are equal, false otherwise
+ */
+ public boolean equals(Object another);
+
+ /**
+ * Prints a string representation of this permission.
+ *
+ * @return the string representation of the permission.
+ */
+ public String toString();
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/package-info.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * The classes and interfaces in this package have been
+ * superseded by classes in the java.security package.
+ * See that package and, for example, java.security.Permission for details.
+ *
+ * @since 1.1
+ */
+package java.security.acl;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/AclEntryImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.acl;
+
+import java.util.*;
+import java.security.Principal;
+import java.security.acl.*;
+
+/**
+ * This is a class that describes one entry that associates users
+ * or groups with permissions in the ACL.
+ * The entry may be used as a way of granting or denying permissions.
+ * @author Satish Dharmaraj
+ */
+public class AclEntryImpl implements AclEntry {
+ private Principal user = null;
+ private Vector<Permission> permissionSet = new Vector<>(10, 10);
+ private boolean negative = false;
+
+ /**
+ * Construct an ACL entry that associates a user with permissions
+ * in the ACL.
+ * @param user The user that is associated with this entry.
+ */
+ public AclEntryImpl(Principal user) {
+ this.user = user;
+ }
+
+ /**
+ * Construct a null ACL entry
+ */
+ public AclEntryImpl() {
+ }
+
+ /**
+ * Sets the principal in the entity. If a group or a
+ * principal had already been set, a false value is
+ * returned, otherwise a true value is returned.
+ * @param user The user that is associated with this entry.
+ * @return true if the principal is set, false if there is
+ * one already.
+ */
+ public boolean setPrincipal(Principal user) {
+ if (this.user != null)
+ return false;
+ this.user = user;
+ return true;
+ }
+
+ /**
+ * This method sets the ACL to have negative permissions.
+ * That is the user or group is denied the permission set
+ * specified in the entry.
+ */
+ public void setNegativePermissions() {
+ negative = true;
+ }
+
+ /**
+ * Returns true if this is a negative ACL.
+ */
+ public boolean isNegative() {
+ return negative;
+ }
+
+ /**
+ * A principal or a group can be associated with multiple
+ * permissions. This method adds a permission to the ACL entry.
+ * @param permission The permission to be associated with
+ * the principal or the group in the entry.
+ * @return true if the permission was added, false if the
+ * permission was already part of the permission set.
+ */
+ public boolean addPermission(Permission permission) {
+
+ if (permissionSet.contains(permission))
+ return false;
+
+ permissionSet.addElement(permission);
+
+ return true;
+ }
+
+ /**
+ * The method disassociates the permission from the Principal
+ * or the Group in this ACL entry.
+ * @param permission The permission to be disassociated with
+ * the principal or the group in the entry.
+ * @return true if the permission is removed, false if the
+ * permission is not part of the permission set.
+ */
+ public boolean removePermission(Permission permission) {
+ return permissionSet.removeElement(permission);
+ }
+
+ /**
+ * Checks if the passed permission is part of the allowed
+ * permission set in this entry.
+ * @param permission The permission that has to be part of
+ * the permission set in the entry.
+ * @return true if the permission passed is part of the
+ * permission set in the entry, false otherwise.
+ */
+ public boolean checkPermission(Permission permission) {
+ return permissionSet.contains(permission);
+ }
+
+ /**
+ * return an enumeration of the permissions in this ACL entry.
+ */
+ public Enumeration<Permission> permissions() {
+ return permissionSet.elements();
+ }
+
+ /**
+ * Return a string representation of the contents of the ACL entry.
+ */
+ public String toString() {
+ StringBuffer s = new StringBuffer();
+ if (negative)
+ s.append("-");
+ else
+ s.append("+");
+ if (user instanceof Group)
+ s.append("Group.");
+ else
+ s.append("User.");
+ s.append(user + "=");
+ Enumeration<Permission> e = permissions();
+ while(e.hasMoreElements()) {
+ Permission p = e.nextElement();
+ s.append(p);
+ if (e.hasMoreElements())
+ s.append(",");
+ }
+ return new String(s);
+ }
+
+ /**
+ * Clones an AclEntry.
+ */
+ @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
+ public synchronized Object clone() {
+ AclEntryImpl cloned;
+ cloned = new AclEntryImpl(user);
+ cloned.permissionSet = (Vector<Permission>) permissionSet.clone();
+ cloned.negative = negative;
+ return cloned;
+ }
+
+ /**
+ * Return the Principal associated in this ACL entry.
+ * The method returns null if the entry uses a group
+ * instead of a principal.
+ */
+ public Principal getPrincipal() {
+ return user;
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/AclImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,408 @@
+/*
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.io.*;
+import java.util.*;
+import java.security.Principal;
+import java.security.acl.*;
+
+/**
+ * An Access Control List (ACL) is encapsulated by this class.
+ * @author Satish Dharmaraj
+ */
+public class AclImpl extends OwnerImpl implements Acl {
+ //
+ // Maintain four tables. one each for positive and negative
+ // ACLs. One each depending on whether the entity is a group
+ // or principal.
+ //
+ private Hashtable<Principal, AclEntry> allowedUsersTable =
+ new Hashtable<>(23);
+ private Hashtable<Principal, AclEntry> allowedGroupsTable =
+ new Hashtable<>(23);
+ private Hashtable<Principal, AclEntry> deniedUsersTable =
+ new Hashtable<>(23);
+ private Hashtable<Principal, AclEntry> deniedGroupsTable =
+ new Hashtable<>(23);
+ private String aclName = null;
+ private Vector<Permission> zeroSet = new Vector<>(1,1);
+
+
+ /**
+ * Constructor for creating an empty ACL.
+ */
+ public AclImpl(Principal owner, String name) {
+ super(owner);
+ try {
+ setName(owner, name);
+ } catch (Exception e) {}
+ }
+
+ /**
+ * Sets the name of the ACL.
+ * @param caller the principal who is invoking this method.
+ * @param name the name of the ACL.
+ * @exception NotOwnerException if the caller principal is
+ * not on the owners list of the Acl.
+ */
+ public void setName(Principal caller, String name)
+ throws NotOwnerException
+ {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
+
+ aclName = name;
+ }
+
+ /**
+ * Returns the name of the ACL.
+ * @return the name of the ACL.
+ */
+ public String getName() {
+ return aclName;
+ }
+
+ /**
+ * Adds an ACL entry to this ACL. An entry associates a
+ * group or a principal with a set of permissions. Each
+ * user or group can have one positive ACL entry and one
+ * negative ACL entry. If there is one of the type (negative
+ * or positive) already in the table, a false value is returned.
+ * The caller principal must be a part of the owners list of
+ * the ACL in order to invoke this method.
+ * @param caller the principal who is invoking this method.
+ * @param entry the ACL entry that must be added to the ACL.
+ * @return true on success, false if the entry is already present.
+ * @exception NotOwnerException if the caller principal
+ * is not on the owners list of the Acl.
+ */
+ public synchronized boolean addEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException
+ {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
+
+ Hashtable<Principal, AclEntry> aclTable = findTable(entry);
+ Principal key = entry.getPrincipal();
+
+ if (aclTable.get(key) != null)
+ return false;
+
+ aclTable.put(key, entry);
+ return true;
+ }
+
+ /**
+ * Removes an ACL entry from this ACL.
+ * The caller principal must be a part of the owners list of the ACL
+ * in order to invoke this method.
+ * @param caller the principal who is invoking this method.
+ * @param entry the ACL entry that must be removed from the ACL.
+ * @return true on success, false if the entry is not part of the ACL.
+ * @exception NotOwnerException if the caller principal is not
+ * the owners list of the Acl.
+ */
+ public synchronized boolean removeEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException
+ {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
+
+ Hashtable<Principal, AclEntry> aclTable = findTable(entry);
+ Principal key = entry.getPrincipal();
+
+ AclEntry o = aclTable.remove(key);
+ return (o != null);
+ }
+
+ /**
+ * This method returns the set of allowed permissions for the
+ * specified principal. This set of allowed permissions is calculated
+ * as follows:
+ *
+ * If there is no entry for a group or a principal an empty permission
+ * set is assumed.
+ *
+ * The group positive permission set is the union of all
+ * the positive permissions of each group that the individual belongs to.
+ * The group negative permission set is the union of all
+ * the negative permissions of each group that the individual belongs to.
+ * If there is a specific permission that occurs in both
+ * the postive permission set and the negative permission set,
+ * it is removed from both. The group positive and negatoive permission
+ * sets are calculated.
+ *
+ * The individial positive permission set and the individual negative
+ * permission set is then calculated. Again abscence of an entry means
+ * the empty set.
+ *
+ * The set of permissions granted to the principal is then calculated using
+ * the simple rule: Individual permissions always override the Group permissions.
+ * Specifically, individual negative permission set (specific
+ * denial of permissions) overrides the group positive permission set.
+ * And the individual positive permission set override the group negative
+ * permission set.
+ *
+ * @param user the principal for which the ACL entry is returned.
+ * @return The resulting permission set that the principal is allowed.
+ */
+ public synchronized Enumeration<Permission> getPermissions(Principal user) {
+
+ Enumeration<Permission> individualPositive;
+ Enumeration<Permission> individualNegative;
+ Enumeration<Permission> groupPositive;
+ Enumeration<Permission> groupNegative;
+
+ //
+ // canonicalize the sets. That is remove common permissions from
+ // positive and negative sets.
+ //
+ groupPositive =
+ subtract(getGroupPositive(user), getGroupNegative(user));
+ groupNegative =
+ subtract(getGroupNegative(user), getGroupPositive(user));
+ individualPositive =
+ subtract(getIndividualPositive(user), getIndividualNegative(user));
+ individualNegative =
+ subtract(getIndividualNegative(user), getIndividualPositive(user));
+
+ //
+ // net positive permissions is individual positive permissions
+ // plus (group positive - individual negative).
+ //
+ Enumeration<Permission> temp1 =
+ subtract(groupPositive, individualNegative);
+ Enumeration<Permission> netPositive =
+ union(individualPositive, temp1);
+
+ // recalculate the enumeration since we lost it in performing the
+ // subtraction
+ //
+ individualPositive =
+ subtract(getIndividualPositive(user), getIndividualNegative(user));
+ individualNegative =
+ subtract(getIndividualNegative(user), getIndividualPositive(user));
+
+ //
+ // net negative permissions is individual negative permissions
+ // plus (group negative - individual positive).
+ //
+ temp1 = subtract(groupNegative, individualPositive);
+ Enumeration<Permission> netNegative = union(individualNegative, temp1);
+
+ return subtract(netPositive, netNegative);
+ }
+
+ /**
+ * This method checks whether or not the specified principal
+ * has the required permission. If permission is denied
+ * permission false is returned, a true value is returned otherwise.
+ * This method does not authenticate the principal. It presumes that
+ * the principal is a valid authenticated principal.
+ * @param principal the name of the authenticated principal
+ * @param permission the permission that the principal must have.
+ * @return true of the principal has the permission desired, false
+ * otherwise.
+ */
+ public boolean checkPermission(Principal principal, Permission permission)
+ {
+ Enumeration<Permission> permSet = getPermissions(principal);
+ while (permSet.hasMoreElements()) {
+ Permission p = permSet.nextElement();
+ if (p.equals(permission))
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * returns an enumeration of the entries in this ACL.
+ */
+ public synchronized Enumeration<AclEntry> entries() {
+ return new AclEnumerator(this,
+ allowedUsersTable, allowedGroupsTable,
+ deniedUsersTable, deniedGroupsTable);
+ }
+
+ /**
+ * return a stringified version of the
+ * ACL.
+ */
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ Enumeration<AclEntry> entries = entries();
+ while (entries.hasMoreElements()) {
+ AclEntry entry = entries.nextElement();
+ sb.append(entry.toString().trim());
+ sb.append("\n");
+ }
+
+ return sb.toString();
+ }
+
+ //
+ // Find the table that this entry belongs to. There are 4
+ // tables that are maintained. One each for postive and
+ // negative ACLs and one each for groups and users.
+ // This method figures out which
+ // table is the one that this AclEntry belongs to.
+ //
+ private Hashtable<Principal, AclEntry> findTable(AclEntry entry) {
+ Hashtable<Principal, AclEntry> aclTable = null;
+
+ Principal p = entry.getPrincipal();
+ if (p instanceof Group) {
+ if (entry.isNegative())
+ aclTable = deniedGroupsTable;
+ else
+ aclTable = allowedGroupsTable;
+ } else {
+ if (entry.isNegative())
+ aclTable = deniedUsersTable;
+ else
+ aclTable = allowedUsersTable;
+ }
+ return aclTable;
+ }
+
+ //
+ // returns the set e1 U e2.
+ //
+ private static Enumeration<Permission> union(Enumeration<Permission> e1,
+ Enumeration<Permission> e2) {
+ Vector<Permission> v = new Vector<>(20, 20);
+
+ while (e1.hasMoreElements())
+ v.addElement(e1.nextElement());
+
+ while (e2.hasMoreElements()) {
+ Permission o = e2.nextElement();
+ if (!v.contains(o))
+ v.addElement(o);
+ }
+
+ return v.elements();
+ }
+
+ //
+ // returns the set e1 - e2.
+ //
+ private Enumeration<Permission> subtract(Enumeration<Permission> e1,
+ Enumeration<Permission> e2) {
+ Vector<Permission> v = new Vector<>(20, 20);
+
+ while (e1.hasMoreElements())
+ v.addElement(e1.nextElement());
+
+ while (e2.hasMoreElements()) {
+ Permission o = e2.nextElement();
+ if (v.contains(o))
+ v.removeElement(o);
+ }
+
+ return v.elements();
+ }
+
+ private Enumeration<Permission> getGroupPositive(Principal user) {
+ Enumeration<Permission> groupPositive = zeroSet.elements();
+ Enumeration<Principal> e = allowedGroupsTable.keys();
+ while (e.hasMoreElements()) {
+ Group g = (Group)e.nextElement();
+ if (g.isMember(user)) {
+ AclEntry ae = allowedGroupsTable.get(g);
+ groupPositive = union(ae.permissions(), groupPositive);
+ }
+ }
+ return groupPositive;
+ }
+
+ private Enumeration<Permission> getGroupNegative(Principal user) {
+ Enumeration<Permission> groupNegative = zeroSet.elements();
+ Enumeration<Principal> e = deniedGroupsTable.keys();
+ while (e.hasMoreElements()) {
+ Group g = (Group)e.nextElement();
+ if (g.isMember(user)) {
+ AclEntry ae = deniedGroupsTable.get(g);
+ groupNegative = union(ae.permissions(), groupNegative);
+ }
+ }
+ return groupNegative;
+ }
+
+ private Enumeration<Permission> getIndividualPositive(Principal user) {
+ Enumeration<Permission> individualPositive = zeroSet.elements();
+ AclEntry ae = allowedUsersTable.get(user);
+ if (ae != null)
+ individualPositive = ae.permissions();
+ return individualPositive;
+ }
+
+ private Enumeration<Permission> getIndividualNegative(Principal user) {
+ Enumeration<Permission> individualNegative = zeroSet.elements();
+ AclEntry ae = deniedUsersTable.get(user);
+ if (ae != null)
+ individualNegative = ae.permissions();
+ return individualNegative;
+ }
+}
+
+final class AclEnumerator implements Enumeration<AclEntry> {
+ Acl acl;
+ Enumeration<AclEntry> u1, u2, g1, g2;
+
+ AclEnumerator(Acl acl, Hashtable<?,AclEntry> u1, Hashtable<?,AclEntry> g1,
+ Hashtable<?,AclEntry> u2, Hashtable<?,AclEntry> g2) {
+ this.acl = acl;
+ this.u1 = u1.elements();
+ this.u2 = u2.elements();
+ this.g1 = g1.elements();
+ this.g2 = g2.elements();
+ }
+
+ public boolean hasMoreElements() {
+ return (u1.hasMoreElements() ||
+ u2.hasMoreElements() ||
+ g1.hasMoreElements() ||
+ g2.hasMoreElements());
+ }
+
+ public AclEntry nextElement()
+ {
+ AclEntry o;
+ synchronized (acl) {
+ if (u1.hasMoreElements())
+ return u1.nextElement();
+ if (u2.hasMoreElements())
+ return u2.nextElement();
+ if (g1.hasMoreElements())
+ return g1.nextElement();
+ if (g2.hasMoreElements())
+ return g2.nextElement();
+ }
+ throw new NoSuchElementException("Acl Enumerator");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/AllPermissionsImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1996, 1997, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.security.Principal;
+import java.security.acl.*;
+
+/**
+ * This class implements the principal interface for the set of all permissions.
+ * @author Satish Dharmaraj
+ */
+public class AllPermissionsImpl extends PermissionImpl {
+
+ public AllPermissionsImpl(String s) {
+ super(s);
+ }
+
+ /**
+ * This function returns true if the permission passed matches the permission represented in
+ * this interface.
+ * @param another The Permission object to compare with.
+ * @returns true always
+ */
+ public boolean equals(Permission another) {
+ return true;
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/GroupImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.util.*;
+import java.security.*;
+import java.security.acl.*;
+
+/**
+ * This class implements a group of principals.
+ * @author Satish Dharmaraj
+ */
+public class GroupImpl implements Group {
+ private Vector<Principal> groupMembers = new Vector<>(50, 100);
+ private String group;
+
+ /**
+ * Constructs a Group object with no members.
+ * @param groupName the name of the group
+ */
+ public GroupImpl(String groupName) {
+ this.group = groupName;
+ }
+
+ /**
+ * adds the specified member to the group.
+ * @param user The principal to add to the group.
+ * @return true if the member was added - false if the
+ * member could not be added.
+ */
+ public boolean addMember(Principal user) {
+ if (groupMembers.contains(user))
+ return false;
+
+ // do not allow groups to be added to itself.
+ if (group.equals(user.toString()))
+ throw new IllegalArgumentException();
+
+ groupMembers.addElement(user);
+ return true;
+ }
+
+ /**
+ * removes the specified member from the group.
+ * @param user The principal to remove from the group.
+ * @param true if the principal was removed false if
+ * the principal was not a member
+ */
+ public boolean removeMember(Principal user) {
+ return groupMembers.removeElement(user);
+ }
+
+ /**
+ * returns the enumeration of the members in the group.
+ */
+ public Enumeration<? extends Principal> members() {
+ return groupMembers.elements();
+ }
+
+ /**
+ * This function returns true if the group passed matches
+ * the group represented in this interface.
+ * @param another The group to compare this group to.
+ */
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj instanceof Group == false) {
+ return false;
+ }
+ Group another = (Group)obj;
+ return group.equals(another.toString());
+ }
+
+ // equals(Group) for compatibility
+ public boolean equals(Group another) {
+ return equals((Object)another);
+ }
+
+ /**
+ * Prints a stringified version of the group.
+ */
+ public String toString() {
+ return group;
+ }
+
+ /**
+ * return a hashcode for the principal.
+ */
+ public int hashCode() {
+ return group.hashCode();
+ }
+
+ /**
+ * returns true if the passed principal is a member of the group.
+ * @param member The principal whose membership must be checked for.
+ * @return true if the principal is a member of this group,
+ * false otherwise
+ */
+ public boolean isMember(Principal member) {
+
+ //
+ // if the member is part of the group (common case), return true.
+ // if not, recursively search depth first in the group looking for the
+ // principal.
+ //
+ if (groupMembers.contains(member)) {
+ return true;
+ } else {
+ Vector<Group> alreadySeen = new Vector<>(10);
+ return isMemberRecurse(member, alreadySeen);
+ }
+ }
+
+ /**
+ * return the name of the principal.
+ */
+ public String getName() {
+ return group;
+ }
+
+ //
+ // This function is the recursive search of groups for this
+ // implementation of the Group. The search proceeds building up
+ // a vector of already seen groups. Only new groups are considered,
+ // thereby avoiding loops.
+ //
+ boolean isMemberRecurse(Principal member, Vector<Group> alreadySeen) {
+ Enumeration<? extends Principal> e = members();
+ while (e.hasMoreElements()) {
+ boolean mem = false;
+ Principal p = (Principal) e.nextElement();
+
+ // if the member is in this collection, return true
+ if (p.equals(member)) {
+ return true;
+ } else if (p instanceof GroupImpl) {
+ //
+ // if not recurse if the group has not been checked already.
+ // Can call method in this package only if the object is an
+ // instance of this class. Otherwise call the method defined
+ // in the interface. (This can lead to a loop if a mixture of
+ // implementations form a loop, but we live with this improbable
+ // case rather than clutter the interface by forcing the
+ // implementation of this method.)
+ //
+ GroupImpl g = (GroupImpl) p;
+ alreadySeen.addElement(this);
+ if (!alreadySeen.contains(g))
+ mem = g.isMemberRecurse(member, alreadySeen);
+ } else if (p instanceof Group) {
+ Group g = (Group) p;
+ if (!alreadySeen.contains(g))
+ mem = g.isMember(member);
+ }
+
+ if (mem)
+ return mem;
+ }
+ return false;
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/OwnerImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.util.*;
+import java.security.*;
+import java.security.acl.*;
+
+/**
+ * Class implementing the Owner interface. The
+ * initial owner principal is configured as
+ * part of the constructor.
+ * @author Satish Dharmaraj
+ */
+public class OwnerImpl implements Owner {
+ private Group ownerGroup;
+
+ public OwnerImpl(Principal owner) {
+ ownerGroup = new GroupImpl("AclOwners");
+ ownerGroup.addMember(owner);
+ }
+
+ /**
+ * Adds an owner. Owners can modify ACL contents and can disassociate
+ * ACLs from the objects they protect in the AclConfig interface.
+ * The caller principal must be a part of the owners list of the ACL in
+ * order to invoke this method. The initial owner is configured
+ * at ACL construction time.
+ * @param caller the principal who is invoking this method.
+ * @param owner The owner that should be added to the owners list.
+ * @return true if success, false if already an owner.
+ * @exception NotOwnerException if the caller principal is not on
+ * the owners list of the Acl.
+ */
+ public synchronized boolean addOwner(Principal caller, Principal owner)
+ throws NotOwnerException
+ {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
+
+ ownerGroup.addMember(owner);
+ return false;
+ }
+
+ /**
+ * Delete owner. If this is the last owner in the ACL, an exception is
+ * raised.
+ * The caller principal must be a part of the owners list of the ACL in
+ * order to invoke this method.
+ * @param caller the principal who is invoking this method.
+ * @param owner The owner to be removed from the owners list.
+ * @return true if the owner is removed, false if the owner is not part
+ * of the owners list.
+ * @exception NotOwnerException if the caller principal is not on
+ * the owners list of the Acl.
+ * @exception LastOwnerException if there is only one owner left in the group, then
+ * deleteOwner would leave the ACL owner-less. This exception is raised in such a case.
+ */
+ public synchronized boolean deleteOwner(Principal caller, Principal owner)
+ throws NotOwnerException, LastOwnerException
+ {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
+
+ Enumeration<? extends Principal> e = ownerGroup.members();
+ //
+ // check if there is atleast 2 members left.
+ //
+ Object o = e.nextElement();
+ if (e.hasMoreElements())
+ return ownerGroup.removeMember(owner);
+ else
+ throw new LastOwnerException();
+
+ }
+
+ /**
+ * returns if the given principal belongs to the owner list.
+ * @param owner The owner to check if part of the owners list
+ * @return true if the passed principal is in the owner list, false if not.
+ */
+ public synchronized boolean isOwner(Principal owner) {
+ return ownerGroup.isMember(owner);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/PermissionImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.security.Principal;
+import java.security.acl.*;
+
+/**
+ * The PermissionImpl class implements the permission
+ * interface for permissions that are strings.
+ * @author Satish Dharmaraj
+ */
+public class PermissionImpl implements Permission {
+
+ private String permission;
+
+ /**
+ * Construct a permission object using a string.
+ * @param permission the stringified version of the permission.
+ */
+ public PermissionImpl(String permission) {
+ this.permission = permission;
+ }
+
+ /**
+ * This function returns true if the object passed matches the permission
+ * represented in this interface.
+ * @param another The Permission object to compare with.
+ * @return true if the Permission objects are equal, false otherwise
+ */
+ public boolean equals(Object another) {
+ if (another instanceof Permission) {
+ Permission p = (Permission) another;
+ return permission.equals(p.toString());
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * Prints a stringified version of the permission.
+ * @return the string representation of the Permission.
+ */
+ public String toString() {
+ return permission;
+ }
+
+ /**
+ * Returns a hashcode for this PermissionImpl.
+ *
+ * @return a hashcode for this PermissionImpl.
+ */
+ public int hashCode() {
+ return toString().hashCode();
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/PrincipalImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.security.*;
+
+/**
+ * This class implements the principal interface.
+ *
+ * @author Satish Dharmaraj
+ */
+public class PrincipalImpl implements Principal {
+
+ private String user;
+
+ /**
+ * Construct a principal from a string user name.
+ * @param user The string form of the principal name.
+ */
+ public PrincipalImpl(String user) {
+ this.user = user;
+ }
+
+ /**
+ * This function returns true if the object passed matches
+ * the principal represented in this implementation
+ * @param another the Principal to compare with.
+ * @return true if the Principal passed is the same as that
+ * encapsulated in this object, false otherwise
+ */
+ public boolean equals(Object another) {
+ if (another instanceof PrincipalImpl) {
+ PrincipalImpl p = (PrincipalImpl) another;
+ return user.equals(p.toString());
+ } else
+ return false;
+ }
+
+ /**
+ * Prints a stringified version of the principal.
+ */
+ public String toString() {
+ return user;
+ }
+
+ /**
+ * return a hashcode for the principal.
+ */
+ public int hashCode() {
+ return user.hashCode();
+ }
+
+ /**
+ * return the name of the principal.
+ */
+ public String getName() {
+ return user;
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/acl/WorldGroupImpl.java Tue Feb 03 14:09:20 2015 -0800
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.acl;
+
+import java.security.*;
+
+/**
+ * This class implements a group of principals.
+ * @author Satish Dharmaraj
+ */
+public class WorldGroupImpl extends GroupImpl {
+
+ public WorldGroupImpl(String s) {
+ super(s);
+ }
+
+ /**
+ * returns true for all passed principals
+ * @param member The principal whose membership must be checked in this Group.
+ * @return true always since this is the "world" group.
+ */
+ public boolean isMember(Principal member) {
+ return true;
+ }
+}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/Acl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,241 +0,0 @@
-/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-import java.util.Enumeration;
-import java.security.Principal;
-
-/**
- * Interface representing an Access Control List (ACL). An Access
- * Control List is a data structure used to guard access to
- * resources.<p>
- *
- * An ACL can be thought of as a data structure with multiple ACL
- * entries. Each ACL entry, of interface type AclEntry, contains a
- * set of permissions associated with a particular principal. (A
- * principal represents an entity such as an individual user or a
- * group). Additionally, each ACL entry is specified as being either
- * positive or negative. If positive, the permissions are to be
- * granted to the associated principal. If negative, the permissions
- * are to be denied.<p>
- *
- * The ACL Entries in each ACL observe the following rules:
- *
- * <ul> <li>Each principal can have at most one positive ACL entry and
- * one negative entry; that is, multiple positive or negative ACL
- * entries are not allowed for any principal. Each entry specifies
- * the set of permissions that are to be granted (if positive) or
- * denied (if negative).
- *
- * <li>If there is no entry for a particular principal, then the
- * principal is considered to have a null (empty) permission set.
- *
- * <li>If there is a positive entry that grants a principal a
- * particular permission, and a negative entry that denies the
- * principal the same permission, the result is as though the
- * permission was never granted or denied.
- *
- * <li>Individual permissions always override permissions of the
- * group(s) to which the individual belongs. That is, individual
- * negative permissions (specific denial of permissions) override the
- * groups' positive permissions. And individual positive permissions
- * override the groups' negative permissions.
- *
- * </ul>
- *
- * The {@code java.security.acl } package provides the
- * interfaces to the ACL and related data structures (ACL entries,
- * groups, permissions, etc.), and the {@code sun.security.acl }
- * classes provide a default implementation of the interfaces. For
- * example, {@code java.security.acl.Acl } provides the
- * interface to an ACL and the {@code sun.security.acl.AclImpl }
- * class provides the default implementation of the interface.<p>
- *
- * The {@code java.security.acl.Acl } interface extends the
- * {@code java.security.acl.Owner } interface. The Owner
- * interface is used to maintain a list of owners for each ACL. Only
- * owners are allowed to modify an ACL. For example, only an owner can
- * call the ACL's {@code addEntry} method to add a new ACL entry
- * to the ACL.
- *
- * @see java.security.acl.AclEntry
- * @see java.security.acl.Owner
- * @see java.security.acl.Acl#getPermissions
- *
- * @author Satish Dharmaraj
- */
-
-public interface Acl extends Owner {
-
- /**
- * Sets the name of this ACL.
- *
- * @param caller the principal invoking this method. It must be an
- * owner of this ACL.
- *
- * @param name the name to be given to this ACL.
- *
- * @exception NotOwnerException if the caller principal
- * is not an owner of this ACL.
- *
- * @see #getName
- */
- public void setName(Principal caller, String name)
- throws NotOwnerException;
-
- /**
- * Returns the name of this ACL.
- *
- * @return the name of this ACL.
- *
- * @see #setName
- */
- public String getName();
-
- /**
- * Adds an ACL entry to this ACL. An entry associates a principal
- * (e.g., an individual or a group) with a set of
- * permissions. Each principal can have at most one positive ACL
- * entry (specifying permissions to be granted to the principal)
- * and one negative ACL entry (specifying permissions to be
- * denied). If there is already an ACL entry of the same type
- * (negative or positive) already in the ACL, false is returned.
- *
- * @param caller the principal invoking this method. It must be an
- * owner of this ACL.
- *
- * @param entry the ACL entry to be added to this ACL.
- *
- * @return true on success, false if an entry of the same type
- * (positive or negative) for the same principal is already
- * present in this ACL.
- *
- * @exception NotOwnerException if the caller principal
- * is not an owner of this ACL.
- */
- public boolean addEntry(Principal caller, AclEntry entry)
- throws NotOwnerException;
-
- /**
- * Removes an ACL entry from this ACL.
- *
- * @param caller the principal invoking this method. It must be an
- * owner of this ACL.
- *
- * @param entry the ACL entry to be removed from this ACL.
- *
- * @return true on success, false if the entry is not part of this ACL.
- *
- * @exception NotOwnerException if the caller principal is not
- * an owner of this Acl.
- */
- public boolean removeEntry(Principal caller, AclEntry entry)
- throws NotOwnerException;
-
- /**
- * Returns an enumeration for the set of allowed permissions for the
- * specified principal (representing an entity such as an individual or
- * a group). This set of allowed permissions is calculated as
- * follows:
- *
- * <ul>
- *
- * <li>If there is no entry in this Access Control List for the
- * specified principal, an empty permission set is returned.
- *
- * <li>Otherwise, the principal's group permission sets are determined.
- * (A principal can belong to one or more groups, where a group is a
- * group of principals, represented by the Group interface.)
- * The group positive permission set is the union of all
- * the positive permissions of each group that the principal belongs to.
- * The group negative permission set is the union of all
- * the negative permissions of each group that the principal belongs to.
- * If there is a specific permission that occurs in both
- * the positive permission set and the negative permission set,
- * it is removed from both.<p>
- *
- * The individual positive and negative permission sets are also
- * determined. The positive permission set contains the permissions
- * specified in the positive ACL entry (if any) for the principal.
- * Similarly, the negative permission set contains the permissions
- * specified in the negative ACL entry (if any) for the principal.
- * The individual positive (or negative) permission set is considered
- * to be null if there is not a positive (negative) ACL entry for the
- * principal in this ACL.<p>
- *
- * The set of permissions granted to the principal is then calculated
- * using the simple rule that individual permissions always override
- * the group permissions. That is, the principal's individual negative
- * permission set (specific denial of permissions) overrides the group
- * positive permission set, and the principal's individual positive
- * permission set overrides the group negative permission set.
- *
- * </ul>
- *
- * @param user the principal whose permission set is to be returned.
- *
- * @return the permission set specifying the permissions the principal
- * is allowed.
- */
- public Enumeration<Permission> getPermissions(Principal user);
-
- /**
- * Returns an enumeration of the entries in this ACL. Each element in
- * the enumeration is of type AclEntry.
- *
- * @return an enumeration of the entries in this ACL.
- */
- public Enumeration<AclEntry> entries();
-
- /**
- * Checks whether or not the specified principal has the specified
- * permission. If it does, true is returned, otherwise false is returned.
- *
- * More specifically, this method checks whether the passed permission
- * is a member of the allowed permission set of the specified principal.
- * The allowed permission set is determined by the same algorithm as is
- * used by the {@code getPermissions} method.
- *
- * @param principal the principal, assumed to be a valid authenticated
- * Principal.
- *
- * @param permission the permission to be checked for.
- *
- * @return true if the principal has the specified permission, false
- * otherwise.
- *
- * @see #getPermissions
- */
- public boolean checkPermission(Principal principal, Permission permission);
-
- /**
- * Returns a string representation of the
- * ACL contents.
- *
- * @return a string representation of the ACL contents.
- */
- public String toString();
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/AclEntry.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,154 +0,0 @@
-/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-import java.util.Enumeration;
-import java.security.Principal;
-
-/**
- * This is the interface used for representing one entry in an Access
- * Control List (ACL).<p>
- *
- * An ACL can be thought of as a data structure with multiple ACL entry
- * objects. Each ACL entry object contains a set of permissions associated
- * with a particular principal. (A principal represents an entity such as
- * an individual user or a group). Additionally, each ACL entry is specified
- * as being either positive or negative. If positive, the permissions are
- * to be granted to the associated principal. If negative, the permissions
- * are to be denied. Each principal can have at most one positive ACL entry
- * and one negative entry; that is, multiple positive or negative ACL
- * entries are not allowed for any principal.
- *
- * Note: ACL entries are by default positive. An entry becomes a
- * negative entry only if the
- * {@link #setNegativePermissions() setNegativePermissions}
- * method is called on it.
- *
- * @see java.security.acl.Acl
- *
- * @author Satish Dharmaraj
- */
-public interface AclEntry extends Cloneable {
-
- /**
- * Specifies the principal for which permissions are granted or denied
- * by this ACL entry. If a principal was already set for this ACL entry,
- * false is returned, otherwise true is returned.
- *
- * @param user the principal to be set for this entry.
- *
- * @return true if the principal is set, false if there was
- * already a principal set for this entry.
- *
- * @see #getPrincipal
- */
- public boolean setPrincipal(Principal user);
-
- /**
- * Returns the principal for which permissions are granted or denied by
- * this ACL entry. Returns null if there is no principal set for this
- * entry yet.
- *
- * @return the principal associated with this entry.
- *
- * @see #setPrincipal
- */
- public Principal getPrincipal();
-
- /**
- * Sets this ACL entry to be a negative one. That is, the associated
- * principal (e.g., a user or a group) will be denied the permission set
- * specified in the entry.
- *
- * Note: ACL entries are by default positive. An entry becomes a
- * negative entry only if this {@code setNegativePermissions}
- * method is called on it.
- */
- public void setNegativePermissions();
-
- /**
- * Returns true if this is a negative ACL entry (one denying the
- * associated principal the set of permissions in the entry), false
- * otherwise.
- *
- * @return true if this is a negative ACL entry, false if it's not.
- */
- public boolean isNegative();
-
- /**
- * Adds the specified permission to this ACL entry. Note: An entry can
- * have multiple permissions.
- *
- * @param permission the permission to be associated with
- * the principal in this entry.
- *
- * @return true if the permission was added, false if the
- * permission was already part of this entry's permission set.
- */
- public boolean addPermission(Permission permission);
-
- /**
- * Removes the specified permission from this ACL entry.
- *
- * @param permission the permission to be removed from this entry.
- *
- * @return true if the permission is removed, false if the
- * permission was not part of this entry's permission set.
- */
- public boolean removePermission(Permission permission);
-
- /**
- * Checks if the specified permission is part of the
- * permission set in this entry.
- *
- * @param permission the permission to be checked for.
- *
- * @return true if the permission is part of the
- * permission set in this entry, false otherwise.
- */
- public boolean checkPermission(Permission permission);
-
- /**
- * Returns an enumeration of the permissions in this ACL entry.
- *
- * @return an enumeration of the permissions in this ACL entry.
- */
- public Enumeration<Permission> permissions();
-
- /**
- * Returns a string representation of the contents of this ACL entry.
- *
- * @return a string representation of the contents.
- */
- public String toString();
-
- /**
- * Clones this ACL entry.
- *
- * @return a clone of this ACL entry.
- */
- public Object clone();
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/AclNotFoundException.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-/**
- * This is an exception that is thrown whenever a reference is made to a
- * non-existent ACL (Access Control List).
- *
- * @author Satish Dharmaraj
- */
-public class AclNotFoundException extends Exception {
-
- private static final long serialVersionUID = 5684295034092681791L;
-
- /**
- * Constructs an AclNotFoundException.
- */
- public AclNotFoundException() {
- }
-
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/Group.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-import java.util.Enumeration;
-import java.security.Principal;
-
-/**
- * This interface is used to represent a group of principals. (A principal
- * represents an entity such as an individual user or a company). <p>
- *
- * Note that Group extends Principal. Thus, either a Principal or a Group can
- * be passed as an argument to methods containing a Principal parameter. For
- * example, you can add either a Principal or a Group to a Group object by
- * calling the object's {@code addMember} method, passing it the
- * Principal or Group.
- *
- * @author Satish Dharmaraj
- */
-public interface Group extends Principal {
-
- /**
- * Adds the specified member to the group.
- *
- * @param user the principal to add to this group.
- *
- * @return true if the member was successfully added,
- * false if the principal was already a member.
- */
- public boolean addMember(Principal user);
-
- /**
- * Removes the specified member from the group.
- *
- * @param user the principal to remove from this group.
- *
- * @return true if the principal was removed, or
- * false if the principal was not a member.
- */
- public boolean removeMember(Principal user);
-
- /**
- * Returns true if the passed principal is a member of the group.
- * This method does a recursive search, so if a principal belongs to a
- * group which is a member of this group, true is returned.
- *
- * @param member the principal whose membership is to be checked.
- *
- * @return true if the principal is a member of this group,
- * false otherwise.
- */
- public boolean isMember(Principal member);
-
-
- /**
- * Returns an enumeration of the members in the group.
- * The returned objects can be instances of either Principal
- * or Group (which is a subclass of Principal).
- *
- * @return an enumeration of the group members.
- */
- public Enumeration<? extends Principal> members();
-
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/LastOwnerException.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-/**
- * This is an exception that is thrown whenever an attempt is made to delete
- * the last owner of an Access Control List.
- *
- * @see java.security.acl.Owner#deleteOwner
- *
- * @author Satish Dharmaraj
- */
-public class LastOwnerException extends Exception {
-
- private static final long serialVersionUID = -5141997548211140359L;
-
- /**
- * Constructs a LastOwnerException.
- */
- public LastOwnerException() {
- }
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/NotOwnerException.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-/**
- * This is an exception that is thrown whenever the modification of an object
- * (such as an Access Control List) is only allowed to be done by an owner of
- * the object, but the Principal attempting the modification is not an owner.
- *
- * @author Satish Dharmaraj
- */
-public class NotOwnerException extends Exception {
-
- private static final long serialVersionUID = -5555597911163362399L;
-
- /**
- * Constructs a NotOwnerException.
- */
- public NotOwnerException() {
- }
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/Owner.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-import java.security.Principal;
-
-/**
- * Interface for managing owners of Access Control Lists (ACLs) or ACL
- * configurations. (Note that the Acl interface in the
- * {@code java.security.acl} package extends this Owner
- * interface.) The initial owner Principal should be specified as an
- * argument to the constructor of the class implementing this interface.
- *
- * @see java.security.acl.Acl
- *
- */
-public interface Owner {
-
- /**
- * Adds an owner. Only owners can modify ACL contents. The caller
- * principal must be an owner of the ACL in order to invoke this method.
- * That is, only an owner can add another owner. The initial owner is
- * configured at ACL construction time.
- *
- * @param caller the principal invoking this method. It must be an owner
- * of the ACL.
- *
- * @param owner the owner that should be added to the list of owners.
- *
- * @return true if successful, false if owner is already an owner.
- * @exception NotOwnerException if the caller principal is not an owner
- * of the ACL.
- */
- public boolean addOwner(Principal caller, Principal owner)
- throws NotOwnerException;
-
- /**
- * Deletes an owner. If this is the last owner in the ACL, an exception is
- * raised.<p>
- *
- * The caller principal must be an owner of the ACL in order to invoke
- * this method.
- *
- * @param caller the principal invoking this method. It must be an owner
- * of the ACL.
- *
- * @param owner the owner to be removed from the list of owners.
- *
- * @return true if the owner is removed, false if the owner is not part
- * of the list of owners.
- *
- * @exception NotOwnerException if the caller principal is not an owner
- * of the ACL.
- *
- * @exception LastOwnerException if there is only one owner left, so that
- * deleteOwner would leave the ACL owner-less.
- */
- public boolean deleteOwner(Principal caller, Principal owner)
- throws NotOwnerException, LastOwnerException;
-
- /**
- * Returns true if the given principal is an owner of the ACL.
- *
- * @param owner the principal to be checked to determine whether or not
- * it is an owner.
- *
- * @return true if the passed principal is in the list of owners, false
- * if not.
- */
- public boolean isOwner(Principal owner);
-
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/Permission.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package java.security.acl;
-
-
-/**
- * This interface represents a permission, such as that used to grant
- * a particular type of access to a resource.
- *
- * @author Satish Dharmaraj
- */
-public interface Permission {
-
- /**
- * Returns true if the object passed matches the permission represented
- * in this interface.
- *
- * @param another the Permission object to compare with.
- *
- * @return true if the Permission objects are equal, false otherwise
- */
- public boolean equals(Object another);
-
- /**
- * Prints a string representation of this permission.
- *
- * @return the string representation of the permission.
- */
- public String toString();
-
-}
--- a/jdk/src/java.security.acl/share/classes/java/security/acl/package-info.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/**
- * The classes and interfaces in this package have been
- * superseded by classes in the java.security package.
- * See that package and, for example, java.security.Permission for details.
- *
- * @since 1.1
- */
-package java.security.acl;
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/AclEntryImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,181 +0,0 @@
-/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-package sun.security.acl;
-
-import java.util.*;
-import java.security.Principal;
-import java.security.acl.*;
-
-/**
- * This is a class that describes one entry that associates users
- * or groups with permissions in the ACL.
- * The entry may be used as a way of granting or denying permissions.
- * @author Satish Dharmaraj
- */
-public class AclEntryImpl implements AclEntry {
- private Principal user = null;
- private Vector<Permission> permissionSet = new Vector<>(10, 10);
- private boolean negative = false;
-
- /**
- * Construct an ACL entry that associates a user with permissions
- * in the ACL.
- * @param user The user that is associated with this entry.
- */
- public AclEntryImpl(Principal user) {
- this.user = user;
- }
-
- /**
- * Construct a null ACL entry
- */
- public AclEntryImpl() {
- }
-
- /**
- * Sets the principal in the entity. If a group or a
- * principal had already been set, a false value is
- * returned, otherwise a true value is returned.
- * @param user The user that is associated with this entry.
- * @return true if the principal is set, false if there is
- * one already.
- */
- public boolean setPrincipal(Principal user) {
- if (this.user != null)
- return false;
- this.user = user;
- return true;
- }
-
- /**
- * This method sets the ACL to have negative permissions.
- * That is the user or group is denied the permission set
- * specified in the entry.
- */
- public void setNegativePermissions() {
- negative = true;
- }
-
- /**
- * Returns true if this is a negative ACL.
- */
- public boolean isNegative() {
- return negative;
- }
-
- /**
- * A principal or a group can be associated with multiple
- * permissions. This method adds a permission to the ACL entry.
- * @param permission The permission to be associated with
- * the principal or the group in the entry.
- * @return true if the permission was added, false if the
- * permission was already part of the permission set.
- */
- public boolean addPermission(Permission permission) {
-
- if (permissionSet.contains(permission))
- return false;
-
- permissionSet.addElement(permission);
-
- return true;
- }
-
- /**
- * The method disassociates the permission from the Principal
- * or the Group in this ACL entry.
- * @param permission The permission to be disassociated with
- * the principal or the group in the entry.
- * @return true if the permission is removed, false if the
- * permission is not part of the permission set.
- */
- public boolean removePermission(Permission permission) {
- return permissionSet.removeElement(permission);
- }
-
- /**
- * Checks if the passed permission is part of the allowed
- * permission set in this entry.
- * @param permission The permission that has to be part of
- * the permission set in the entry.
- * @return true if the permission passed is part of the
- * permission set in the entry, false otherwise.
- */
- public boolean checkPermission(Permission permission) {
- return permissionSet.contains(permission);
- }
-
- /**
- * return an enumeration of the permissions in this ACL entry.
- */
- public Enumeration<Permission> permissions() {
- return permissionSet.elements();
- }
-
- /**
- * Return a string representation of the contents of the ACL entry.
- */
- public String toString() {
- StringBuffer s = new StringBuffer();
- if (negative)
- s.append("-");
- else
- s.append("+");
- if (user instanceof Group)
- s.append("Group.");
- else
- s.append("User.");
- s.append(user + "=");
- Enumeration<Permission> e = permissions();
- while(e.hasMoreElements()) {
- Permission p = e.nextElement();
- s.append(p);
- if (e.hasMoreElements())
- s.append(",");
- }
- return new String(s);
- }
-
- /**
- * Clones an AclEntry.
- */
- @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
- public synchronized Object clone() {
- AclEntryImpl cloned;
- cloned = new AclEntryImpl(user);
- cloned.permissionSet = (Vector<Permission>) permissionSet.clone();
- cloned.negative = negative;
- return cloned;
- }
-
- /**
- * Return the Principal associated in this ACL entry.
- * The method returns null if the entry uses a group
- * instead of a principal.
- */
- public Principal getPrincipal() {
- return user;
- }
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/AclImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,408 +0,0 @@
-/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.io.*;
-import java.util.*;
-import java.security.Principal;
-import java.security.acl.*;
-
-/**
- * An Access Control List (ACL) is encapsulated by this class.
- * @author Satish Dharmaraj
- */
-public class AclImpl extends OwnerImpl implements Acl {
- //
- // Maintain four tables. one each for positive and negative
- // ACLs. One each depending on whether the entity is a group
- // or principal.
- //
- private Hashtable<Principal, AclEntry> allowedUsersTable =
- new Hashtable<>(23);
- private Hashtable<Principal, AclEntry> allowedGroupsTable =
- new Hashtable<>(23);
- private Hashtable<Principal, AclEntry> deniedUsersTable =
- new Hashtable<>(23);
- private Hashtable<Principal, AclEntry> deniedGroupsTable =
- new Hashtable<>(23);
- private String aclName = null;
- private Vector<Permission> zeroSet = new Vector<>(1,1);
-
-
- /**
- * Constructor for creating an empty ACL.
- */
- public AclImpl(Principal owner, String name) {
- super(owner);
- try {
- setName(owner, name);
- } catch (Exception e) {}
- }
-
- /**
- * Sets the name of the ACL.
- * @param caller the principal who is invoking this method.
- * @param name the name of the ACL.
- * @exception NotOwnerException if the caller principal is
- * not on the owners list of the Acl.
- */
- public void setName(Principal caller, String name)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
-
- aclName = name;
- }
-
- /**
- * Returns the name of the ACL.
- * @return the name of the ACL.
- */
- public String getName() {
- return aclName;
- }
-
- /**
- * Adds an ACL entry to this ACL. An entry associates a
- * group or a principal with a set of permissions. Each
- * user or group can have one positive ACL entry and one
- * negative ACL entry. If there is one of the type (negative
- * or positive) already in the table, a false value is returned.
- * The caller principal must be a part of the owners list of
- * the ACL in order to invoke this method.
- * @param caller the principal who is invoking this method.
- * @param entry the ACL entry that must be added to the ACL.
- * @return true on success, false if the entry is already present.
- * @exception NotOwnerException if the caller principal
- * is not on the owners list of the Acl.
- */
- public synchronized boolean addEntry(Principal caller, AclEntry entry)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
-
- Hashtable<Principal, AclEntry> aclTable = findTable(entry);
- Principal key = entry.getPrincipal();
-
- if (aclTable.get(key) != null)
- return false;
-
- aclTable.put(key, entry);
- return true;
- }
-
- /**
- * Removes an ACL entry from this ACL.
- * The caller principal must be a part of the owners list of the ACL
- * in order to invoke this method.
- * @param caller the principal who is invoking this method.
- * @param entry the ACL entry that must be removed from the ACL.
- * @return true on success, false if the entry is not part of the ACL.
- * @exception NotOwnerException if the caller principal is not
- * the owners list of the Acl.
- */
- public synchronized boolean removeEntry(Principal caller, AclEntry entry)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
-
- Hashtable<Principal, AclEntry> aclTable = findTable(entry);
- Principal key = entry.getPrincipal();
-
- AclEntry o = aclTable.remove(key);
- return (o != null);
- }
-
- /**
- * This method returns the set of allowed permissions for the
- * specified principal. This set of allowed permissions is calculated
- * as follows:
- *
- * If there is no entry for a group or a principal an empty permission
- * set is assumed.
- *
- * The group positive permission set is the union of all
- * the positive permissions of each group that the individual belongs to.
- * The group negative permission set is the union of all
- * the negative permissions of each group that the individual belongs to.
- * If there is a specific permission that occurs in both
- * the postive permission set and the negative permission set,
- * it is removed from both. The group positive and negatoive permission
- * sets are calculated.
- *
- * The individial positive permission set and the individual negative
- * permission set is then calculated. Again abscence of an entry means
- * the empty set.
- *
- * The set of permissions granted to the principal is then calculated using
- * the simple rule: Individual permissions always override the Group permissions.
- * Specifically, individual negative permission set (specific
- * denial of permissions) overrides the group positive permission set.
- * And the individual positive permission set override the group negative
- * permission set.
- *
- * @param user the principal for which the ACL entry is returned.
- * @return The resulting permission set that the principal is allowed.
- */
- public synchronized Enumeration<Permission> getPermissions(Principal user) {
-
- Enumeration<Permission> individualPositive;
- Enumeration<Permission> individualNegative;
- Enumeration<Permission> groupPositive;
- Enumeration<Permission> groupNegative;
-
- //
- // canonicalize the sets. That is remove common permissions from
- // positive and negative sets.
- //
- groupPositive =
- subtract(getGroupPositive(user), getGroupNegative(user));
- groupNegative =
- subtract(getGroupNegative(user), getGroupPositive(user));
- individualPositive =
- subtract(getIndividualPositive(user), getIndividualNegative(user));
- individualNegative =
- subtract(getIndividualNegative(user), getIndividualPositive(user));
-
- //
- // net positive permissions is individual positive permissions
- // plus (group positive - individual negative).
- //
- Enumeration<Permission> temp1 =
- subtract(groupPositive, individualNegative);
- Enumeration<Permission> netPositive =
- union(individualPositive, temp1);
-
- // recalculate the enumeration since we lost it in performing the
- // subtraction
- //
- individualPositive =
- subtract(getIndividualPositive(user), getIndividualNegative(user));
- individualNegative =
- subtract(getIndividualNegative(user), getIndividualPositive(user));
-
- //
- // net negative permissions is individual negative permissions
- // plus (group negative - individual positive).
- //
- temp1 = subtract(groupNegative, individualPositive);
- Enumeration<Permission> netNegative = union(individualNegative, temp1);
-
- return subtract(netPositive, netNegative);
- }
-
- /**
- * This method checks whether or not the specified principal
- * has the required permission. If permission is denied
- * permission false is returned, a true value is returned otherwise.
- * This method does not authenticate the principal. It presumes that
- * the principal is a valid authenticated principal.
- * @param principal the name of the authenticated principal
- * @param permission the permission that the principal must have.
- * @return true of the principal has the permission desired, false
- * otherwise.
- */
- public boolean checkPermission(Principal principal, Permission permission)
- {
- Enumeration<Permission> permSet = getPermissions(principal);
- while (permSet.hasMoreElements()) {
- Permission p = permSet.nextElement();
- if (p.equals(permission))
- return true;
- }
- return false;
- }
-
- /**
- * returns an enumeration of the entries in this ACL.
- */
- public synchronized Enumeration<AclEntry> entries() {
- return new AclEnumerator(this,
- allowedUsersTable, allowedGroupsTable,
- deniedUsersTable, deniedGroupsTable);
- }
-
- /**
- * return a stringified version of the
- * ACL.
- */
- public String toString() {
- StringBuilder sb = new StringBuilder();
- Enumeration<AclEntry> entries = entries();
- while (entries.hasMoreElements()) {
- AclEntry entry = entries.nextElement();
- sb.append(entry.toString().trim());
- sb.append("\n");
- }
-
- return sb.toString();
- }
-
- //
- // Find the table that this entry belongs to. There are 4
- // tables that are maintained. One each for postive and
- // negative ACLs and one each for groups and users.
- // This method figures out which
- // table is the one that this AclEntry belongs to.
- //
- private Hashtable<Principal, AclEntry> findTable(AclEntry entry) {
- Hashtable<Principal, AclEntry> aclTable = null;
-
- Principal p = entry.getPrincipal();
- if (p instanceof Group) {
- if (entry.isNegative())
- aclTable = deniedGroupsTable;
- else
- aclTable = allowedGroupsTable;
- } else {
- if (entry.isNegative())
- aclTable = deniedUsersTable;
- else
- aclTable = allowedUsersTable;
- }
- return aclTable;
- }
-
- //
- // returns the set e1 U e2.
- //
- private static Enumeration<Permission> union(Enumeration<Permission> e1,
- Enumeration<Permission> e2) {
- Vector<Permission> v = new Vector<>(20, 20);
-
- while (e1.hasMoreElements())
- v.addElement(e1.nextElement());
-
- while (e2.hasMoreElements()) {
- Permission o = e2.nextElement();
- if (!v.contains(o))
- v.addElement(o);
- }
-
- return v.elements();
- }
-
- //
- // returns the set e1 - e2.
- //
- private Enumeration<Permission> subtract(Enumeration<Permission> e1,
- Enumeration<Permission> e2) {
- Vector<Permission> v = new Vector<>(20, 20);
-
- while (e1.hasMoreElements())
- v.addElement(e1.nextElement());
-
- while (e2.hasMoreElements()) {
- Permission o = e2.nextElement();
- if (v.contains(o))
- v.removeElement(o);
- }
-
- return v.elements();
- }
-
- private Enumeration<Permission> getGroupPositive(Principal user) {
- Enumeration<Permission> groupPositive = zeroSet.elements();
- Enumeration<Principal> e = allowedGroupsTable.keys();
- while (e.hasMoreElements()) {
- Group g = (Group)e.nextElement();
- if (g.isMember(user)) {
- AclEntry ae = allowedGroupsTable.get(g);
- groupPositive = union(ae.permissions(), groupPositive);
- }
- }
- return groupPositive;
- }
-
- private Enumeration<Permission> getGroupNegative(Principal user) {
- Enumeration<Permission> groupNegative = zeroSet.elements();
- Enumeration<Principal> e = deniedGroupsTable.keys();
- while (e.hasMoreElements()) {
- Group g = (Group)e.nextElement();
- if (g.isMember(user)) {
- AclEntry ae = deniedGroupsTable.get(g);
- groupNegative = union(ae.permissions(), groupNegative);
- }
- }
- return groupNegative;
- }
-
- private Enumeration<Permission> getIndividualPositive(Principal user) {
- Enumeration<Permission> individualPositive = zeroSet.elements();
- AclEntry ae = allowedUsersTable.get(user);
- if (ae != null)
- individualPositive = ae.permissions();
- return individualPositive;
- }
-
- private Enumeration<Permission> getIndividualNegative(Principal user) {
- Enumeration<Permission> individualNegative = zeroSet.elements();
- AclEntry ae = deniedUsersTable.get(user);
- if (ae != null)
- individualNegative = ae.permissions();
- return individualNegative;
- }
-}
-
-final class AclEnumerator implements Enumeration<AclEntry> {
- Acl acl;
- Enumeration<AclEntry> u1, u2, g1, g2;
-
- AclEnumerator(Acl acl, Hashtable<?,AclEntry> u1, Hashtable<?,AclEntry> g1,
- Hashtable<?,AclEntry> u2, Hashtable<?,AclEntry> g2) {
- this.acl = acl;
- this.u1 = u1.elements();
- this.u2 = u2.elements();
- this.g1 = g1.elements();
- this.g2 = g2.elements();
- }
-
- public boolean hasMoreElements() {
- return (u1.hasMoreElements() ||
- u2.hasMoreElements() ||
- g1.hasMoreElements() ||
- g2.hasMoreElements());
- }
-
- public AclEntry nextElement()
- {
- AclEntry o;
- synchronized (acl) {
- if (u1.hasMoreElements())
- return u1.nextElement();
- if (u2.hasMoreElements())
- return u2.nextElement();
- if (g1.hasMoreElements())
- return g1.nextElement();
- if (g2.hasMoreElements())
- return g2.nextElement();
- }
- throw new NoSuchElementException("Acl Enumerator");
- }
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/AllPermissionsImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1996, 1997, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.security.Principal;
-import java.security.acl.*;
-
-/**
- * This class implements the principal interface for the set of all permissions.
- * @author Satish Dharmaraj
- */
-public class AllPermissionsImpl extends PermissionImpl {
-
- public AllPermissionsImpl(String s) {
- super(s);
- }
-
- /**
- * This function returns true if the permission passed matches the permission represented in
- * this interface.
- * @param another The Permission object to compare with.
- * @returns true always
- */
- public boolean equals(Permission another) {
- return true;
- }
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/GroupImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,186 +0,0 @@
-/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.util.*;
-import java.security.*;
-import java.security.acl.*;
-
-/**
- * This class implements a group of principals.
- * @author Satish Dharmaraj
- */
-public class GroupImpl implements Group {
- private Vector<Principal> groupMembers = new Vector<>(50, 100);
- private String group;
-
- /**
- * Constructs a Group object with no members.
- * @param groupName the name of the group
- */
- public GroupImpl(String groupName) {
- this.group = groupName;
- }
-
- /**
- * adds the specified member to the group.
- * @param user The principal to add to the group.
- * @return true if the member was added - false if the
- * member could not be added.
- */
- public boolean addMember(Principal user) {
- if (groupMembers.contains(user))
- return false;
-
- // do not allow groups to be added to itself.
- if (group.equals(user.toString()))
- throw new IllegalArgumentException();
-
- groupMembers.addElement(user);
- return true;
- }
-
- /**
- * removes the specified member from the group.
- * @param user The principal to remove from the group.
- * @param true if the principal was removed false if
- * the principal was not a member
- */
- public boolean removeMember(Principal user) {
- return groupMembers.removeElement(user);
- }
-
- /**
- * returns the enumeration of the members in the group.
- */
- public Enumeration<? extends Principal> members() {
- return groupMembers.elements();
- }
-
- /**
- * This function returns true if the group passed matches
- * the group represented in this interface.
- * @param another The group to compare this group to.
- */
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj instanceof Group == false) {
- return false;
- }
- Group another = (Group)obj;
- return group.equals(another.toString());
- }
-
- // equals(Group) for compatibility
- public boolean equals(Group another) {
- return equals((Object)another);
- }
-
- /**
- * Prints a stringified version of the group.
- */
- public String toString() {
- return group;
- }
-
- /**
- * return a hashcode for the principal.
- */
- public int hashCode() {
- return group.hashCode();
- }
-
- /**
- * returns true if the passed principal is a member of the group.
- * @param member The principal whose membership must be checked for.
- * @return true if the principal is a member of this group,
- * false otherwise
- */
- public boolean isMember(Principal member) {
-
- //
- // if the member is part of the group (common case), return true.
- // if not, recursively search depth first in the group looking for the
- // principal.
- //
- if (groupMembers.contains(member)) {
- return true;
- } else {
- Vector<Group> alreadySeen = new Vector<>(10);
- return isMemberRecurse(member, alreadySeen);
- }
- }
-
- /**
- * return the name of the principal.
- */
- public String getName() {
- return group;
- }
-
- //
- // This function is the recursive search of groups for this
- // implementation of the Group. The search proceeds building up
- // a vector of already seen groups. Only new groups are considered,
- // thereby avoiding loops.
- //
- boolean isMemberRecurse(Principal member, Vector<Group> alreadySeen) {
- Enumeration<? extends Principal> e = members();
- while (e.hasMoreElements()) {
- boolean mem = false;
- Principal p = (Principal) e.nextElement();
-
- // if the member is in this collection, return true
- if (p.equals(member)) {
- return true;
- } else if (p instanceof GroupImpl) {
- //
- // if not recurse if the group has not been checked already.
- // Can call method in this package only if the object is an
- // instance of this class. Otherwise call the method defined
- // in the interface. (This can lead to a loop if a mixture of
- // implementations form a loop, but we live with this improbable
- // case rather than clutter the interface by forcing the
- // implementation of this method.)
- //
- GroupImpl g = (GroupImpl) p;
- alreadySeen.addElement(this);
- if (!alreadySeen.contains(g))
- mem = g.isMemberRecurse(member, alreadySeen);
- } else if (p instanceof Group) {
- Group g = (Group) p;
- if (!alreadySeen.contains(g))
- mem = g.isMember(member);
- }
-
- if (mem)
- return mem;
- }
- return false;
- }
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/OwnerImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.util.*;
-import java.security.*;
-import java.security.acl.*;
-
-/**
- * Class implementing the Owner interface. The
- * initial owner principal is configured as
- * part of the constructor.
- * @author Satish Dharmaraj
- */
-public class OwnerImpl implements Owner {
- private Group ownerGroup;
-
- public OwnerImpl(Principal owner) {
- ownerGroup = new GroupImpl("AclOwners");
- ownerGroup.addMember(owner);
- }
-
- /**
- * Adds an owner. Owners can modify ACL contents and can disassociate
- * ACLs from the objects they protect in the AclConfig interface.
- * The caller principal must be a part of the owners list of the ACL in
- * order to invoke this method. The initial owner is configured
- * at ACL construction time.
- * @param caller the principal who is invoking this method.
- * @param owner The owner that should be added to the owners list.
- * @return true if success, false if already an owner.
- * @exception NotOwnerException if the caller principal is not on
- * the owners list of the Acl.
- */
- public synchronized boolean addOwner(Principal caller, Principal owner)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
-
- ownerGroup.addMember(owner);
- return false;
- }
-
- /**
- * Delete owner. If this is the last owner in the ACL, an exception is
- * raised.
- * The caller principal must be a part of the owners list of the ACL in
- * order to invoke this method.
- * @param caller the principal who is invoking this method.
- * @param owner The owner to be removed from the owners list.
- * @return true if the owner is removed, false if the owner is not part
- * of the owners list.
- * @exception NotOwnerException if the caller principal is not on
- * the owners list of the Acl.
- * @exception LastOwnerException if there is only one owner left in the group, then
- * deleteOwner would leave the ACL owner-less. This exception is raised in such a case.
- */
- public synchronized boolean deleteOwner(Principal caller, Principal owner)
- throws NotOwnerException, LastOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
-
- Enumeration<? extends Principal> e = ownerGroup.members();
- //
- // check if there is atleast 2 members left.
- //
- Object o = e.nextElement();
- if (e.hasMoreElements())
- return ownerGroup.removeMember(owner);
- else
- throw new LastOwnerException();
-
- }
-
- /**
- * returns if the given principal belongs to the owner list.
- * @param owner The owner to check if part of the owners list
- * @return true if the passed principal is in the owner list, false if not.
- */
- public synchronized boolean isOwner(Principal owner) {
- return ownerGroup.isMember(owner);
- }
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/PermissionImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.security.Principal;
-import java.security.acl.*;
-
-/**
- * The PermissionImpl class implements the permission
- * interface for permissions that are strings.
- * @author Satish Dharmaraj
- */
-public class PermissionImpl implements Permission {
-
- private String permission;
-
- /**
- * Construct a permission object using a string.
- * @param permission the stringified version of the permission.
- */
- public PermissionImpl(String permission) {
- this.permission = permission;
- }
-
- /**
- * This function returns true if the object passed matches the permission
- * represented in this interface.
- * @param another The Permission object to compare with.
- * @return true if the Permission objects are equal, false otherwise
- */
- public boolean equals(Object another) {
- if (another instanceof Permission) {
- Permission p = (Permission) another;
- return permission.equals(p.toString());
- } else {
- return false;
- }
- }
-
- /**
- * Prints a stringified version of the permission.
- * @return the string representation of the Permission.
- */
- public String toString() {
- return permission;
- }
-
- /**
- * Returns a hashcode for this PermissionImpl.
- *
- * @return a hashcode for this PermissionImpl.
- */
- public int hashCode() {
- return toString().hashCode();
- }
-
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/PrincipalImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.security.*;
-
-/**
- * This class implements the principal interface.
- *
- * @author Satish Dharmaraj
- */
-public class PrincipalImpl implements Principal {
-
- private String user;
-
- /**
- * Construct a principal from a string user name.
- * @param user The string form of the principal name.
- */
- public PrincipalImpl(String user) {
- this.user = user;
- }
-
- /**
- * This function returns true if the object passed matches
- * the principal represented in this implementation
- * @param another the Principal to compare with.
- * @return true if the Principal passed is the same as that
- * encapsulated in this object, false otherwise
- */
- public boolean equals(Object another) {
- if (another instanceof PrincipalImpl) {
- PrincipalImpl p = (PrincipalImpl) another;
- return user.equals(p.toString());
- } else
- return false;
- }
-
- /**
- * Prints a stringified version of the principal.
- */
- public String toString() {
- return user;
- }
-
- /**
- * return a hashcode for the principal.
- */
- public int hashCode() {
- return user.hashCode();
- }
-
- /**
- * return the name of the principal.
- */
- public String getName() {
- return user;
- }
-
-}
--- a/jdk/src/java.security.acl/share/classes/sun/security/acl/WorldGroupImpl.java Tue Feb 03 14:39:57 2015 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.acl;
-
-import java.security.*;
-
-/**
- * This class implements a group of principals.
- * @author Satish Dharmaraj
- */
-public class WorldGroupImpl extends GroupImpl {
-
- public WorldGroupImpl(String s) {
- super(s);
- }
-
- /**
- * returns true for all passed principals
- * @param member The principal whose membership must be checked in this Group.
- * @return true always since this is the "world" group.
- */
- public boolean isMember(Principal member) {
- return true;
- }
-}